[NMS-12673] Authenticated RCE vulnerability via ActiveMQ Minion payload deserialization - The OpenNMS Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Resolved (View Workflow)
Priority: Critical
Resolution: Fixed
Affects Version/s: 26.0.0
Fix Version/s: Meridian-2018.1.18, Meridian-2019.1.6, 26.0.1
Component/s: Architecture, Minion
Security Level: Default (Default Security Scheme)
Labels:
Environment:
DockerHub image

Sprint:
Horizon 2020 - April 15th

Description

The disclosing researcher writes:

I began to have a look at your software (suite) OpenNMS. Yesterday, I found that one could get Remote Code Execution (RCE) via malicious MQ messages
on the Horizon base station from a remote machine with minion credentials. At least that was the case I found quickly to be valid with respect to the role model.
Find attached a short write-up describing a little bit more on the exploitation steps.

The referenced write-up is included as a PDF attachment.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

20200415_OpenNMS_RCE.pdf
200 kB
17/Apr/20 7:38 PM

Activity

People

Assignee:: Jesse White

Reporter:: Jeff Gehlbach

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 17/Apr/20 7:42 PM

Updated:: 18/Jan/22 7:45 PM

Resolved:: 21/Apr/20 12:09 AM